DDoS attacks are increasing by 31% year on year. In France, 8 out of 10 companies are affected.
Unlike other types of cyber attacks, DDoS attacks do not attempt to breach your security perimeter or steal data. Their purpose is to make your website and server unavailable. They can also serve as a smokescreen for other malicious activities.
DDoS attacks can be brief or repeated, with effects on your website that can last for days, weeks or even months. How can you avoid them? Before answering that question, let’s go back to the definition of this attack.
DDoS attack, the “zombie” attack
DDoS stands for Distributed Denial of Service. This attack attempts to disrupt a website or network by flooding it with traffic.
To better understand how this works, imagine waiting for a call from a friend. Suddenly, thousands of numbers start calling you all at once for no reason. Your friend’s chances of getting through are greatly reduced, and your telephone line is completely saturated and unusable for as long as it lasts.
In computing terms, a DDoS attack floods a web server with so many requests for a page that it collapses under the load, or overwhelms a database with more queries than it can handle. The result is that the available Internet bandwidth, CPU and RAM capacity are exceeded. The impact can range from a minor inconvenience caused by degraded services to bringing websites, apps or even entire businesses offline.
Denial of service attacks use malware to create a botnet, which can be thought of as an army of “zombie” computers. This army is sent to the front, across a network, to attack a website or online service.
In many cases, the owner of a “zombie” PC is unaware of the malware infection. The owner is themselves a victim of the malware that launches the DDoS attack.
There are several types of DDoS attacks, which fall into three main categories:
Volume attacks
Volume-based DDoS attacks are the most common. Attackers use a large number of computers and Internet connections (often spread all over the world) to flood a website with traffic. The goal? To saturate the available bandwidth.
Legitimate traffic can no longer get through, and the attackers succeed in taking the site down. An example of a volume-based attack is User Datagram Protocol (UDP) flooding: the attacker sends a flood of UDP packets carrying meaningless data to destabilize and bring down the network.
Protocol attacks
Unlike volume-based attacks, protocol attacks aim to exhaust server resources rather than bandwidth. They specifically target the intermediaries sitting in front of the server, such as firewalls and load balancers. Attackers tie up web pages and resources by making bogus protocol requests until nothing is left for legitimate connections.
An example of this type of attack is the Smurf attack, also called a reflection (rebound) attack: the targeted network is tricked into answering requests that are aimed back at itself, multiplying its own load.
L7 or application attacks
In general, L7 attacks require fewer resources than the previous two, while being the most sophisticated. They target vulnerabilities within applications (hence their name) such as Apache, Windows and OpenBSD.
They bring down servers by imitating user traffic, making a large number of requests that seem legitimate at first glance. L7 attacks attempt to disrupt specific functions or features of a website, such as online transactions. Unlike the other types, they can go unnoticed.
DDoS attacks are evolving every day. A new trend is “mixed attacks”: as a diversion, attackers launch a protocol attack, then follow it with an L7 attack. These threats are ever more frequent, complex and sometimes difficult to counter.
How do you know if you are under a DDoS attack?
A denial of service attack generates a lot of traffic to your site, which makes the situation ambiguous: how do you know whether your site is simply doing well or whether it is currently being targeted by attackers?
To get started, look at where your traffic is coming from. If you notice a sudden increase in the number of visitors, look for the reason: a marketing campaign, a mention of your company on television, a promotional email, the publication of a post on a social network (by your brand or an influencer), etc.
If there is no marketing action going on to explain this sudden increase, wait a few minutes. If an outage is caused by a surge in legitimate traffic, the site usually comes back up quickly.
Finally, to fully answer the question of how to know whether you have been subjected to a DDoS attack, be aware that there are several clues that should alert you:
- The website is unavailable for several minutes for no apparent reason.
- It takes a long time to reach the website.
- The same IP address makes a lot of requests in a matter of seconds.
- Your server is responding with error 503 because of service shutdown.
- Ping requests time out (the TTL, time to live, is exceeded).
- You notice slowness issues on your other internal devices connected to the same network as your website.
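Two of the clues above (a single IP address making many requests within seconds, and the server answering with 503) can be checked automatically against the web server’s access log. The following script is an added example, not code from the original article: the log lines, addresses and thresholds are constructed for illustration, and a sliding window per source IP is used to spot bursts.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access-log lines (Apache common log format); addresses and
# timestamps are made up for this example. One source sends eight requests for
# the same page inside two seconds and every one of them is answered with 503.
BURST_IP = "203.0.113.7"
SAMPLE_LOG = [
    '198.51.100.2 - - [10/Mar/2024:14:02:00 +0000] "GET / HTTP/1.1" 200 512',
] + [
    f'{BURST_IP} - - [10/Mar/2024:14:02:0{i // 3} +0000] "GET /checkout HTTP/1.1" 503 0'
    for i in range(8)
] + [
    '198.51.100.9 - - [10/Mar/2024:14:02:30 +0000] "GET /about HTTP/1.1" 200 2048',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$'
)

def parse_line(line):
    """Return (ip, timestamp, status) for a common-log-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, int(m.group("status"))

def find_bursty_ips(lines, window_seconds=5, max_requests=5):
    """Map each source IP that exceeds max_requests inside any sliding window
    of window_seconds to the peak request count seen in such a window."""
    recent = defaultdict(deque)  # per-IP timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of aborting the scan
        ip, ts, _ = parsed
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()  # drop timestamps that fell out of the window
        if len(window) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(window))
    return peaks

def error_ratio(lines, status=503):
    """Share of parsed requests that received the given status code."""
    parsed = [p for p in (parse_line(l) for l in lines) if p is not None]
    return sum(1 for p in parsed if p[2] == status) / len(parsed) if parsed else 0.0
```

The thresholds are placeholders: tune the window and request count against your own site’s normal traffic before treating a hit as an alert.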
How to counter a DDoS attack?
In cyber security, prevention is always better than cure. This is even more true in the case of DDoS attacks. You don’t want to see your site inaccessible for hours or even days. You run the risk of losing revenue…
So how do you counter a DDoS attack? Here are some best practices to adopt now:
Implement DDoS attack prevention solutions
Equip your network, applications and IT infrastructure with multi-layered security strategies. This could mean protection systems that combine firewalls, VPNs, anti-spam, content filtering and other layers of security.
Their goal will be to monitor activity and identify traffic anomalies that are characteristic of DDoS attacks.
Use a Content Delivery Network (CDN)
A modern and effective way of dealing with denial of service attacks is to use a Content Delivery Network (CDN). Since DDoS attacks work by overloading servers, a CDN can help by spreading the load evenly across multiple servers that are geographically distributed and close to users.
Thus, if one server fails, the others continue and take over.
Assess your network’s vulnerability
With the help of your IT manager, identify the weak points in your network so that you can reinforce them before they are exploited in a DDoS attack.
To do this, take an inventory of all the devices on the network. It is an opportunity to identify those that are obsolete or useless and remove them. For the devices you keep, record their function, system information and any vulnerabilities associated with them. The corrective measures will then follow naturally.
This vulnerability audit of your network should be performed on a regular basis to best anticipate all cyber security threats.
Move to the cloud
There are many benefits to migrating your data to the cloud. Cloud providers offer a high level of cyber security, including firewalls and threat monitoring software, which can help protect your assets and network from DDoS attacks.
The cloud has more bandwidth than most private networks, which allows it to withstand the pressure of denial-of-service attacks. Additionally, vendors provide network redundancy, replicated copies of your data, systems, and equipment.
If your service is corrupted or unavailable due to a DDoS attack, you still have a backup copy of your website, applications and tools.
How to prevent a DDoS attack?
A DDoS attack can cause your website to go down, your search engine rankings to drop and, of course, your data to be lost. Even with protective measures, zero risk does not exist.
Here’s how to prevent a DDoS attack:
Budget more bandwidth
One of the quick ways to prevent a DDoS attack is to expand your bandwidth as soon as you notice a sudden, inexplicable increase in the amount of traffic to your site.
Most web hosts allow you to quickly expand your bandwidth and absorb an additional spike in traffic. This will give you time to trace the source of the attack and counter it thoroughly.
Protect your network perimeter
In the first minutes of a DDoS attack, some technical measures will help you limit its effects. For example, you can:
- Rate-limit your router to avoid overloading your web server.
- Add filters to tell your router to drop packets from obvious attack sources.
- Time out half-open connections more aggressively.
- Drop spoofed or malformed packets.
- Set lower thresholds for SYN, ICMP and UDP traffic to blunt flood attacks.
Contact your host
Depending on the strength of the DDoS attack, the hosting company may have already detected it or it may even be the target.
Its data center probably has larger bandwidth and higher-capacity routers than your company. Its staff also have experience in dealing with cyber threats. So don’t hesitate to warn them as soon as the attack starts.
The host may block the route to your site (“route blocking”) so that attack packets no longer reach it.
Our Tactics to Combat DDoS Attacks
After a DDoS attack, analyze your logs to identify the targeted services, assess the damage and study the usage patterns. This will allow you to identify your weak points and strengthen your defenses. In case of theft of personal data, file a complaint with the police and notify the CNIL.
To combat and prevent DDoS attacks before they happen, call on a cyber security expert by posting an ad on Codeur.com. They can help you keep your computer network and your website as secure as possible.